Security Alerts & News
by Tymoteusz A. Góral

History
#214 Critical glibc vulnerability puts all Linux machines at risk
Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs. The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory.
#213 Dridex: Financial Trojan aggressively spread in millions of spam emails each day
Symantec analysis of recent Dridex spam campaigns found that they are operating on a vast scale, with millions of new emails being sent out on a daily basis. The attackers behind Dridex are disciplined and professional. They operate on a standard working week, continually refine the malware, and put significant effort into disguising their spam campaigns as legitimate emails.
#212 Mandated encryption backdoors? Such a bad idea, says ENISA cybersecurity agency
European cybersecurity agency ENISA has come down firmly against backdoors and encryption restrictions, arguing they only help criminals and terrorists while harming industry and society.
#211 Online security? Just let me Google that
That's the stark warning following a survey by security company Palo Alto Networks, which directly asked C-level executives about their knowledge of security issues; 13% said they only "kind of" understand what defines an online security risk to a business. Worryingly, many in leadership roles also said they still have to use Google to help explain cyber security risk.
#210 Disabled PadCrypt ransomware includes live chat
Discovered by a Swiss researcher at abuse.ch, PadCrypt is the first ransomware family to include the capability for real-time interaction with the attackers. The malware’s known command-and-control servers, annaflowersweb[.]com, subzone3[.]2fh[.]co, and cloudnet[.]online are down, and for now PadCrypt is not a major threat.
#209 WhiteHat Hacker stole crypto keys from an offline laptop in another room
The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key.
#208 The best antivirus software for Android Report
#207 Libgraphite Font Processing Vulnerabilities
An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service. A specially crafted font can cause a buffer overflow resulting in potential code execution. An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a cras
#206 Hollywood hospital held to ransom by hackers
Ransomware is a growing menace for computer users - but when a hospital is targeted, it makes the disruption far more serious. Computer systems at Hollywood Presbyterian Medical Center have been offline for more than a week following a ransomware attack. According to local news sources, hackers were said to have demanded $3.4m to provide the codes to unlock the stolen data.